diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-08-01 14:56:56 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2014-08-06 20:41:53 +0100 |
| commit | bb4c9ffd02a74057f7f6fd807c5be5d1f807b831 (patch) | |
| tree | a324268665752ea2f2126649ff502777b592520e /ssl/s3_clnt.c | |
| parent | 53348780e9936f49b4ced7459e32d0bebbf9e8fa (diff) | |
Check SRP parameters early.
Check SRP parameters when they are received so we can send back an
appropriate alert.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'ssl/s3_clnt.c')
| -rw-r--r-- | ssl/s3_clnt.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d9b777701b..b4964f29e4 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1555,6 +1555,12 @@ int ssl3_get_key_exchange(SSL *s) p+=i; n-=param_len; + if (!srp_verify_server_param(s, &al)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS); + goto f_err; + } + /* We must check if there is a certificate */ #ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) |